summaryrefslogtreecommitdiffstats
path: root/rules/iptables.in
blob: d98f1ac4e0a1f6b5a7834ff26a01ec5db6eb32bf (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
## SECTION=networking

menuconfig IPTABLES
	tristate
	prompt "iptables                      "
	select LIBC_M
	select LIBC_DL
	select GCCLIBS_GCC_S
	select LIBNFTNL		if IPTABLES_NFTABLES_COMPAT
	select NFTABLES		if IPTABLES_NFTABLES_COMPAT && RUNTIME
	select LIBNFNETLINK	if IPTABLES_LIBNFNETLINK
	help
	  Iptables  is used to set up, maintain, and inspect the
	  tables of IP packet filter rules in the Linux kernel.
	  Several different tables may be defined.  Each table
	  contains a number of built-in chains and may also
	  contain user-defined chains.

if IPTABLES

config IPTABLES_IPV6
	bool
	prompt "IPv6 support"

config IPTABLES_IPV4
	bool
	prompt "IPv4 support"

config IPTABLES_IPV6_SYSTEMD_UNIT
	bool
	prompt "Activate IPv6 systemd service unit"
	select IPTABLES_IPV6
	select IPTABLES_INSTALL_TOOLS

config IPTABLES_IPV4_SYSTEMD_UNIT
	bool
	prompt "Activate IPv4 systemd service unit"
	select IPTABLES_IPV4
	select IPTABLES_INSTALL_TOOLS

config IPTABLES_LIBIPQ
	bool
	prompt "Enable libipq"
	help
	  Builds and installs libipq (the iptables userspace packet
	  queuing library).

config IPTABLES_INSTALL_TOOLS
	bool "install executables"
	help
	  depending on the selected protocols install the links to
	  xtables-multi:
	    IPv4: iptables, iptables-save, iptables-restore
	    IPv6: ip6tables, ip6tables-save, ip6tables-restore

comment "iptables-apply depends on bash"
	depends on BASH = n

config IPTABLES_INSTALL_IPTABLES_APPLY
	bool
	prompt "install iptables-apply"
	select IPTABLES_INSTALL_TOOLS
	depends on BASH
	help
	  iptables-apply will try to apply a new ruleset (as output by
	  iptables-save/read by iptables-restore) to iptables, then prompt the
	  user whether the changes are okay. If the new ruleset cut the
	  existing connection, the user will not be able to answer
	  affirmatively.

config IPTABLES_LIBNFNETLINK
	bool
	prompt "configure libnfnetlink"
	help
	  Select if iptables should be build against libnfnetlink

config IPTABLES_NFTABLES_COMPAT
	bool
	prompt "nftables compat"
	help
	  install xtables-compat-multi, allowing compatibility with nftables

endif